<?php

/*
	[UCenter] (C)2001-2099 Comsenz Inc.
	This is NOT a freeware, use is subject to license terms

	$Id: user.php 1078 2011-03-30 02:00:29Z monkey $
*/

! defined ( 'IN_UC' ) && exit ( 'Access Denied' );

class usermodel {

	var $db;
	var $base;

	function __construct(&$base) {
		$this->usermodel ( $base );
	}

	function usermodel(&$base) {
		$this->base = $base;
		$this->db = $base->db;
	}

	function get_user_by_uid($uid) {
		$arr = $this->db->fetch_first ( "SELECT * FROM " . UC_DBTABLEPRE . "members WHERE uid='$uid'" );
		return $arr;
	}

	function get_user_by_username($username) {
		$arr = $this->db->fetch_first ( "SELECT * FROM " . UC_DBTABLEPRE . "members WHERE username='$username'" );
		return $arr;
	}

	function get_user_by_email($email) {
		$arr = $this->db->fetch_first ( "SELECT * FROM " . UC_DBTABLEPRE . "members WHERE email='$email'" );
		return $arr;
	}

	function check_username($username) {
		$guestexp = '\xA1\xA1|\xAC\xA3|^Guest|^\xD3\xCE\xBF\xCD|\xB9\x43\xAB\xC8';
		$len = $this->dstrlen ( $username );
		if ($len > 15 || $len < 3 || preg_match ( "/\s+|^c:\\con\\con|[%,\*\"\s\<\>\&]|$guestexp/is", $username )) {
			return FALSE;
		} else {
			return TRUE;
		}
	}

	function dstrlen($str) {
		if (strtolower ( UC_CHARSET ) != 'utf-8') {
			return strlen ( $str );
		}
		$count = 0;
		for($i = 0; $i < strlen ( $str ); $i ++) {
			$value = ord ( $str [$i] );
			if ($value > 127) {
				$count ++;
				if ($value >= 192 && $value <= 223)
					$i ++;
				elseif ($value >= 224 && $value <= 239)
					$i = $i + 2;
				elseif ($value >= 240 && $value <= 247)
					$i = $i + 3;
			}
			$count ++;
		}
		return $count;
	}

	function check_mergeuser($username) {
		$data = $this->db->result_first ( "SELECT count(*) FROM " . UC_DBTABLEPRE . "mergemembers WHERE appid='" . $this->base->app ['appid'] . "' AND username='$username'" );
		return $data;
	}

	function check_usernamecensor($username) {
		$_CACHE ['badwords'] = $this->base->cache ( 'badwords' );
		$censorusername = $this->base->get_setting ( 'censorusername' );
		$censorusername = $censorusername ['censorusername'];
		$censorexp = '/^(' . str_replace ( array ('\\*', "\r\n", ' ' ), array ('.*', '|', '' ), preg_quote ( ($censorusername = trim ( $censorusername )), '/' ) ) . ')$/i';
		$usernamereplaced = isset ( $_CACHE ['badwords'] ['findpattern'] ) && ! empty ( $_CACHE ['badwords'] ['findpattern'] ) ? @preg_replace ( $_CACHE ['badwords'] ['findpattern'], $_CACHE ['badwords'] ['replace'], $username ) : $username;
		if (($usernamereplaced != $username) || ($censorusername && preg_match ( $censorexp, $username ))) {
			return FALSE;
		} else {
			return TRUE;
		}
	}

	function check_usernameexists($username) {
		$data = $this->db->result_first ( "SELECT username FROM " . UC_DBTABLEPRE . "members WHERE username='$username'" );
		return $data;
	}

	function check_emailformat($email) {
		return strlen ( $email ) > 6 && preg_match ( "/^[\w\-\.]+@[\w\-\.]+(\.\w+)+$/", $email );
	}

	function check_emailaccess($email) {
		$setting = $this->base->get_setting ( array ('accessemail', 'censoremail' ) );
		$accessemail = $setting ['accessemail'];
		$censoremail = $setting ['censoremail'];
		$accessexp = '/(' . str_replace ( "\r\n", '|', preg_quote ( trim ( $accessemail ), '/' ) ) . ')$/i';
		$censorexp = '/(' . str_replace ( "\r\n", '|', preg_quote ( trim ( $censoremail ), '/' ) ) . ')$/i';
		if ($accessemail || $censoremail) {
			if (($accessemail && ! preg_match ( $accessexp, $email )) || ($censoremail && preg_match ( $censorexp, $email ))) {
				return FALSE;
			} else {
				return TRUE;
			}
		} else {
			return TRUE;
		}
	}

	function check_emailexists($email, $username = '') {
		$sqladd = $username !== '' ? "AND username<>'$username'" : '';
		$email = $this->db->result_first ( "SELECT email FROM  " . UC_DBTABLEPRE . "members WHERE email='$email' $sqladd" );
		return $email;
	}

	function check_login($username, $password, &$user) {
		$user = $this->get_user_by_username ( $username );
		if (empty ( $user ['username'] )) {
			return - 1;
		} elseif ($user ['password'] != md5 ( md5 ( $password ) . $user ['salt'] )) {
			return - 2;
		}
		return $user ['uid'];
	}

	function add_user($username, $password, $email, $uid = 0, $questionid = '', $answer = '', $regip = '') {
		$regip = empty ( $regip ) ? $this->base->onlineip : $regip;
		$salt = substr ( uniqid ( rand () ), - 6 );
		$password = md5 ( md5 ( $password ) . $salt );
		$sqladd = $uid ? "uid='" . intval ( $uid ) . "'," : '';
		$sqladd .= $questionid > 0 ? " secques='" . $this->quescrypt ( $questionid, $answer ) . "'," : " secques='',";
		$this->db->query ( "INSERT INTO " . UC_DBTABLEPRE . "members SET $sqladd username='$username', password='$password', email='$email', regip='$regip', regdate='" . $this->base->time . "', salt='$salt'" );
		$uid = $this->db->insert_id ();
		$this->db->query ( "INSERT INTO " . UC_DBTABLEPRE . "memberfields SET uid='$uid'" );
		return $uid;
	}

	function edit_user($username, $oldpw, $newpw, $email, $ignoreoldpw = 0, $questionid = '', $answer = '') {
		$data = $this->db->fetch_first ( "SELECT username, uid, password, salt FROM " . UC_DBTABLEPRE . "members WHERE username='$username'" );

		if ($ignoreoldpw) {
			$isprotected = $this->db->result_first ( "SELECT COUNT(*) FROM " . UC_DBTABLEPRE . "protectedmembers WHERE uid = '$data[uid]'" );
			if ($isprotected) {
				return - 8;
			}
		}

		if (! $ignoreoldpw && $data ['password'] != md5 ( md5 ( $oldpw ) . $data ['salt'] )) {
			return - 1;
		}

		$sqladd = $newpw ? "password='" . md5 ( md5 ( $newpw ) . $data ['salt'] ) . "'" : '';
		$sqladd .= $email ? ($sqladd ? ',' : '') . " email='$email'" : '';
		if ($questionid !== '') {
			if ($questionid > 0) {
				$sqladd .= ($sqladd ? ',' : '') . " secques='" . $this->quescrypt ( $questionid, $answer ) . "'";
			} else {
				$sqladd .= ($sqladd ? ',' : '') . " secques=''";
			}
		}
		if ($sqladd || $emailadd) {
			$this->db->query ( "UPDATE " . UC_DBTABLEPRE . "members SET $sqladd WHERE username='$username'" );
			return $this->db->affected_rows ();
		} else {
			return - 7;
		}
	}
//	function update_uid_byusername($uid, $username) {
//		if ($uid == 0) {
//			return - 1;
//		}
//		if ($username == '') {
//			return - 2;
//		}
//		$this->db->query ( "UPDATE " . UC_DBTABLEPRE . "members SET uid=$uid WHERE username='$username'" );
//		return $this->db->affected_rows ();
//	}
	function delete_user($uidsarr) {
		$uidsarr = ( array ) $uidsarr;
		if (! $uidsarr) {
			return 0;
		}
		$uids = $this->base->implode ( $uidsarr );
		$arr = $this->db->fetch_all ( "SELECT uid FROM " . UC_DBTABLEPRE . "protectedmembers WHERE uid IN ($uids)" );
		$puids = array ();
		foreach ( ( array ) $arr as $member ) {
			$puids [] = $member ['uid'];
		}
		$uids = $this->base->implode ( array_diff ( $uidsarr, $puids ) );
		if ($uids) {
			$this->db->query ( "DELETE FROM " . UC_DBTABLEPRE . "members WHERE uid IN($uids)" );
			$this->db->query ( "DELETE FROM " . UC_DBTABLEPRE . "memberfields WHERE uid IN($uids)" );
			$this->delete_useravatar ( $uidsarr );
			$this->base->load ( 'note' );
			$_ENV ['note']->add ( 'deleteuser', "ids=$uids" );
			return $this->db->affected_rows ();
		} else {
			return 0;
		}
	}

	function delete_useravatar($uidsarr) {
		$uidsarr = ( array ) $uidsarr;
		foreach ( ( array ) $uidsarr as $uid ) {
			file_exists ( $avatar_file = UC_DATADIR . './avatar/' . $this->base->get_avatar ( $uid, 'big', 'real' ) ) && unlink ( $avatar_file );
			file_exists ( $avatar_file = UC_DATADIR . './avatar/' . $this->base->get_avatar ( $uid, 'middle', 'real' ) ) && unlink ( $avatar_file );
			file_exists ( $avatar_file = UC_DATADIR . './avatar/' . $this->base->get_avatar ( $uid, 'small', 'real' ) ) && unlink ( $avatar_file );
			file_exists ( $avatar_file = UC_DATADIR . './avatar/' . $this->base->get_avatar ( $uid, 'big' ) ) && unlink ( $avatar_file );
			file_exists ( $avatar_file = UC_DATADIR . './avatar/' . $this->base->get_avatar ( $uid, 'middle' ) ) && unlink ( $avatar_file );
			file_exists ( $avatar_file = UC_DATADIR . './avatar/' . $this->base->get_avatar ( $uid, 'small' ) ) && unlink ( $avatar_file );
		}
	}

	function get_total_num($sqladd = '') {
		$data = $this->db->result_first ( "SELECT COUNT(*) FROM " . UC_DBTABLEPRE . "members $sqladd" );
		return $data;
	}

	function get_list($page, $ppp, $totalnum, $sqladd) {
		$start = $this->base->page_get_start ( $page, $ppp, $totalnum );
		$data = $this->db->fetch_all ( "SELECT * FROM " . UC_DBTABLEPRE . "members $sqladd LIMIT $start, $ppp" );
		return $data;
	}

	function name2id($usernamesarr) {
		$usernamesarr = daddslashes ( $usernamesarr, 1, TRUE );
		$usernames = $this->base->implode ( $usernamesarr );
		$query = $this->db->query ( "SELECT uid FROM " . UC_DBTABLEPRE . "members WHERE username IN($usernames)" );
		$arr = array ();
		while ( $user = $this->db->fetch_array ( $query ) ) {
			$arr [] = $user ['uid'];
		}
		return $arr;
	}

	function id2name($uidarr) {
		$arr = array ();
		$query = $this->db->query ( "SELECT uid, username FROM " . UC_DBTABLEPRE . "members WHERE uid IN (" . $this->base->implode ( $uidarr ) . ")" );
		while ( $user = $this->db->fetch_array ( $query ) ) {
			$arr [$user ['uid']] = $user ['username'];
		}
		return $arr;
	}

	function quescrypt($questionid, $answer) {
		return $questionid > 0 && $answer != '' ? substr ( md5 ( $answer . md5 ( $questionid ) ), 16, 8 ) : '';
	}

}

?>